<?php
session_start();
$main_page_header = 'location:../index.html';
if (empty($_POST['login']) or empty($_POST['password']))
{
	header($main_page_header);
	exit;
}

$login = $_POST['login'];
$password = $_POST['password'];

$reg = '/[A-Za-z0-9_]{2,}/';
if (!preg_match($reg, $login))
{
	header($main_page_header);
	exit;
}

mysql_connect('localhost', 'root');
mysql_select_db('dots');
$query = "SELECT userID, login, type FROM users WHERE login='$login' AND password='$password'";
$result = mysql_query($query);
if (!$result)
{
	header($main_page_header);
	exit;
}

$rows = mysql_fetch_array($result);
if (!$rows)
{
	header($main_page_header);
	exit;
}

$_SESSION['userID'] = $rows[0];
$_SESSION['login'] = $rows[1];
$_SESSION['type'] = $rows[2];

header('location:../main.php');
mysql_close();
exit;
?>